summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-04-30reassembly: avoid race-conditionsKlement Sekera1-12/+26
Change-Id: Ibf5c283217a985e43a562f1969573eeb26ee6017 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-26IF: return VTR attributes for all ifs in dump APIAlexander Chernavin1-20/+20
With this commit, VTR attributes are shown not only for subinterfaces but for all interfaces. Change-Id: I498185d905c0bf48431cddb916165f8e9c841b1f Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-26crypto, ipsec: change GCM IV handlingDamjan Marion3-4/+22
- nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code - fixes GCM unit tests - GCM IV is constructed out of simple counter, per RFC4106 section 3.1 Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-26svm: fifo segment support for chunk allocationFlorin Coras2-2/+26
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25crypto: AES GCM IV length is always 12Damjan Marion2-2/+1
... at least for use cases we are interested in Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25tap: Fix the indirect buffer allocationMohsin Kazmi1-1/+1
Change-Id: I73f76c25754f6fb14a49ae47b6404f3cbabbeeb5 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-25session: cleanup segment manager and fifo segmentFlorin Coras10-381/+402
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25crypto_ipsecmb: use pre-expanded keysDamjan Marion1-1/+1
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25session: use teps in accept/connect notificationsFlorin Coras6-48/+40
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25IPSEC; dpdk backend for tunnel interface encryptionNeale Ranns8-57/+94
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-25ipsec: drop runts in esp-decryptDamjan Marion1-0/+8
Change-Id: Id7fcaf8590f9f2dcccdebea0ad31c7ecd1cbc8af Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25crypto: improve key handlingDamjan Marion11-26/+208
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25Remove dummy_interface_tx nodes from l2tp l2xcrw and nshJohn Lo2-18/+0
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4 Signed-off-by: John Lo <loj@cisco.com>
2019-04-24Add get_endpoint in transport vftAloys Augustin5-13/+88
This allows QUIC & TLS specific logic to be implemented, and meaningfull IP/port to be returned when connection is overridden. Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24ip4_lookup_inline: leverage vlib_get_buffers to improve perfZhiyong Yang1-32/+27
vlib_get_buffers can save at least 1.2 clocks/pkt for ip4_lookup_inline on Haswell. Change-Id: I730fc346cec4d2eb5ca364308e45268bda4d5f89 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-24QUIC: Add multi-stream support to internal test appsAloys Augustin6-7/+171
Change-Id: Iab07697ef482529e62c11433cffa1f8f894e5bb7 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-04-24UDPC: Fix open segfault with multiple workersAloys Augustin1-1/+3
Change-Id: Ib4a64f17831e2419f1d6140a6d24649c096bdfa5 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24l2: Add support for arp unicast forwardingMohsin Kazmi6-8/+112
Change-Id: I79fc55f36a9b83957f84619bdf8cef08acc8ec24 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-24session: remove unused fifo allo return valueFlorin Coras3-11/+7
Change-Id: I50a6bcc127e4b44becc4b694bdd3018ac9bfab5c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24ethernet_input_inline: leverage vlib_get_buffersZhiyong Yang1-17/+14
Make full use of well optimized function vlib_get_buffers for ethernet_input_inline. Change-Id: Iee7df570b87fa95c0902895686a62386d730f9a1 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-24Rearrange prefetching in ipsec_output_inlineVratko Polak1-6/+6
Change-Id: I6151e57643ebed42f51b795980db2c52084295ab Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-23API sw_interface_dump: Dump all if index is zeroVratko Polak2-5/+6
This is a temporary measure, to allow CSIT usage of VAT command sw_interface_dump without arguments. Change-Id: Ic40adfcc89d92179e213afc497e4e71bbc0dad83 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-23Fix a ipsec command line typoSimon Zhang1-1/+1
Change-Id: Ic75df36e06a77730ff8764f96d3cf53c4e59923b Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-04-23vnet: clean up calc_checksums()Zhiyong Yang1-7/+8
Remove the duplicated code and unnecessary operations. Change-Id: I78005848d29d3156165627926a79015d590d61a6 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-23ipsec4-output: add pkt header and data prefetchingZhiyong Yang1-2/+9
The graph node running IPsec encap in tunnel mode can be saved from 65.8 to 57.3 clocks/pkt on Haswell platform. The graph node can be saved 10 clockes/pkt on DVN as well in the same case. Change-Id: I4804879c4d489465ee56a8f8317596b7e79b9331 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-22GRE: set gre_tunnel_type init value to zero in APIAlexander Chernavin1-1/+1
Change-Id: I9715b0578852a1ed59d78b7a9e28f32fc763ed3c Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-19Doxygen cleanup.Dave Wallace2-2/+2
- Add subpages definitions in appropriate section (User or Dev docs) for doc files (*.rst, *.md) that being listed at the top level of the generated doc page. - Generate and add API list to RELEASE doc. - Fix list_api_changes script to use HEAD as the endtag so it doesn't need to be changed every release. Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
2019-04-19IPSEC: IPv6 ESP transport mode incorrect packet length and checksum (VPP-1654)Neale Ranns1-7/+14
Change-Id: Ia3474e5bfea5764eae9b2987bf78296535df6778 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-196rd: fix debug cli short-helpBenoît Ganne1-1/+2
Debug cli short help for 6rd tunnel creation was out-of-date. Change-Id: I06e4d28481470825bf225ba0fd371a3aebd889fa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-19DOCS-ONLY: Fix broken doxygen tag in BVIDave Wallace1-1/+1
Change-Id: Ia42e7c93ebe51a36470f1358827451bcb98da433 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-19IPSEC: ESP IPv6 transport mode payload length incorrect (VPP-1653)Neale Ranns1-1/+3
Change-Id: I8977100d7a22b50260858bd1ea9db419b53284ff Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-19FIB: recursion casues path reallocNeale Ranns1-1/+12
Change-Id: Ie9c2954eee90ca1a1fc1aa8280f93b2340b544c1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-18svm: allow indirect fifo data chunksFlorin Coras1-1/+0
Fifos can use multiple memory chunks for simple read/write operations. Adding/removing chunks after assignment not yet supported. Change-Id: I2aceab6aea78059d74e0d3a9993c40d5196d077b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-18GRE: API updateNeale Ranns4-88/+136
Change-Id: I5010cd34123c6498230dedac6ba8dd774a1085f9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-18tls: allow engines to customize closeFlorin Coras2-18/+26
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-18IPSEC: tunnel rekey fix and test (VPP-1652)Neale Ranns1-21/+24
Change-Id: I1c2b3e40c689bedcdcea7887792b6b6b6aeb48d5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-17session: fix segment manager init conditionFlorin Coras1-1/+1
Change-Id: I0ef3115bd29a11538090c582a4eacdbb7cd86d7a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-17Make sw_interface_dump more compatible with 2.2.0Vratko Polak2-9/+6
+ As old PAPI clients are likely to put zero as the value for sw_if_index, the behavior should not perform index filtering at least when name filtering is enabled (valid). + interface.api version set to 2.3.0, as the new behavior is backward compatible (at least for PAPI with name filter enabled), but not forward compatible. + Minor whitespace cleanup. Change-Id: I315a0eae4004f9d9b6c5f9ecf0f179e669729118 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-17vcl/session: tx notifications for cut-thru sessionsFlorin Coras3-0/+32
Change-Id: I076c753e419bbb177d2d28609190715e9895b398 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-17api: Add to interface crud - read by sw_if_index.Paul Vinciguerra2-1/+25
Change-Id: I02c857da4cf6da5e0e55c1e48b63716af7ade0a9 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-04-17Revert "Revert "bond: problem switching from l2 to l3""Steven Luong1-0/+11
This reverts commit 5d0d5494db58422eb528c0f8b39a86ea966505e9. The csit crash was actually due to the test image missing the patch https://gerrit.fd.io/r/#/c/17731/ It was a mistake to revert the original patch https://gerrit.fd.io/r/#/c/15577/ Change-Id: I7fc563981aa13d308d55b25194fee21475ebc57d Signed-off-by: Steven Luong <sluong@cisco.com>
2019-04-17tap: clean-up when linux will delete the tap interfaceMohsin Kazmi2-0/+43
When container is deleted which has tap interface attached, Linux also delete the tap interface leaving the VPP side of tap. This patch does a clean up job to remove that VPP side of tap interface. To produce the behavior: In VPP: create tap On linux: sudo ip netns add ns1 sudo ip link set dev tap0 netns ns1 sudo ip netns del ns1 Change-Id: Iaed1700073a9dc64e626c1d0c449f466c143f3ae Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-17IPSEC: Pass the algorithm salt (used in GCM) over the APINeale Ranns6-10/+16
Change-Id: Ia8cea13f7b937294e6a080a55fb2ceff30063acf Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-17Duplicate pcap tx trace fixNeale Ranns1-3/+0
Change-Id: I0657cb44f58942ef281046dd3841bda669b10589 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16ADJ: crash in format/show (VPP-1648)Neale Ranns1-1/+1
Change-Id: I26279c19b879e59c68fda31426fe42dae62a858d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16IPSEC: SA format; don't print keys when there's no algoNeale Ranns1-7/+8
Change-Id: I4d1d22cb24564896264e77c1810804ea3f54cb37 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16svm_fifo rework to avoid contention on cursizeSirshak Das11-39/+33
Problems Addressed: - Contention of cursize by producer and consumer. - Reduce the no of modulo operations. Changes: - Synchronization between producer and consumer changed from cursize to head and tail indexes Implications: reduces the usable size of fifo by 1. - Using weaker memory ordering C++11 atomics to access head and tail based on producer and consumer role. - Head and tail indexes are unsigned 32 bit integers. Additions and subtraction on them are implicit 32 bit Modulo operation. - Adding weaker memory ordering variants of max_enq, max_deq, is_empty and is_full Using them appropriately in all places. Perfomance improvement (iperf3 via Hoststack): iperf3 Server: Marvell ThunderX2(AArch64) - iperf3 Client: Skylake(x86) ~6%(256 rxd/txd) - ~11%(2048 rxd/txd) Change-Id: I1d484e000e437430fdd5a819657d1c6b62443018 Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
2019-04-16QUIC: Initial multi stream supportAloys Augustin1-0/+1
To connect a stream, apps should call connect while passing the id of the QUIC connection in the new transport_opts field in session_endpoint_cfg_t. Apps are notified of new streams with their accept callback, which is called each time a peer opens a stream. Change-Id: I0f82ec344db58008d54641553eddec2973768435 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-16Allow sessions to be allocated in app's RX callbacksAloys Augustin1-3/+11
This enables applications to create sessions in their RX callbacks, which can invalidate the session pointer. This is required for the QUIC protocol implementation. Change-Id: I6072c1c368fd9d17a960ec086a788089dd6f54b4 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-16IPSEC: support GCM in ESPNeale Ranns13-13/+127
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d Signed-off-by: Neale Ranns <nranns@cisco.com>